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The MAILING DATE of this communication appears on the cover sheet with the correspondence address -- 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )K Responsive to communication(s) filed on 22 January 2007 . 
2a)D This action is FINAL. 2b)S This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) KI Claim(s) 1-30 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) E3 Claim(s) 1-30 is/are rejected. 

7) Q Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)Q objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) Q Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2.Q Certified copies of the priority documents have been received in Application No. . 



3.Q Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



1 . In view of the appeal brief filed on 1/22/07, PROSECUTION IS HEREBY 
REOPENED. A new ground of rejection is set forth below. 

To avoid abandonment of the application, appellant must exercise one of the 
following two options: 

(1 ) file a reply under 37 CFR 1 . 1 1 1 (if this Office action is non-final) or a reply 
under 37 CFR 1.113 (if this Office action is final); or, 

(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41 .31 followed 
by an appeal brief under 37 CFR 41 .37. The previously paid notice of appeal fee and 
appeal brief fee can be applied to the new appeal. If, however, the appeal fees set forth 
in 37 CFR 41.20 have been increased since they were previously paid, then appellant 
must pay the difference between the increased fees and the amount previously paid. 

A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by 



2. Applicant's arguments with respect to claims 1-30 have been considered but are 
moot in view of the new ground(s) of rejection. The applicant argues that Arnold fails to 
teach or suggest a generating a password in response to an event. The examiner 
respectfully disagrees, the limited-use administrative password is a converted limited- 
use hash of the concatenating of the machine specific hash and the nonce (see Arnold: 



signing below: 




Response to Arguments 
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Fig. 5A, elements 176, 174). The nonce value is part of the password, the nonce, itself 
is not a password as the applicant concludes, and the computer system could 
automatically update the nonce (see Arnold: col. 8, lines 9-17) each time the computer 
system \s powered on (i.e. an occurrence of a prescribed password generation event). 
The applicant argues that the limited-use password is generated upon request, not a 
prescribed event. The examiner respectfully disagrees/the nonce is updated each time 
the computer system is powered on (i.e. a hard boot), in turn, the limited-use password 
is updated (i.e. an occurrence of a prescribed password generation event). 

Claim Rejections - 35 USC § 101 

3. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

4. Claims 24-30 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. 

a) As to claim 24, this claim lacks an appropriate computer readable storage 
medium to define a structural and functional interrelationship between a computer 
program and other elements of a computer which permit the functionality of the 
computer program to be realized. It is clearly not a series of steps or acts to be a 
process nor is it a combination of chemical compounds to be a composition of matter. 
As such, it fails to fall within a statutory category. It is, at best, functional descriptive 
material per se. 
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b) As to claims 25-30, these claims are rejected by a similar rationale applied 
against claim 24. 

Claim Rejections - 35 USC § 103 

5. • The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 1,4-5, 9-10, 12-13, 16-17, 21, 23-26 and 29 are rejected under 35 
U.S.C. 102(e) as being unpatentable over Ryu (6,067,625) in view of Arnold et al. 
(6,601,175). 

a) As to claims 1 , 13 and 24, Ryu discloses a method for maintaining a 
password in a computer system with an operating system for running a dedicated 
application, comprising: producing a coded password as a function of the generated 
password, wherein the generated password can be determined by decoding the coded 
password (i.e. encrypting the password stored in the CMOS or non-volatile memory, 
and the encrypted password can be decoded, see Ryu: col. 2, lines 35-36 and lines 40- 
41); displaying the coded password to a user of the computer system (see Ryu: col. 2, 
lines 34-37), wherein the user can receive the generated password by providing the 
coded password to a remote password provider (see Ryu: col. 2, lines 38-42); and 
storing the coded password for use in connection with a secure operating system (i.e. it 
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is inherently understood that the code password is stored in order to get displayed to a 
user of the computer system, as addressed above). 

However Ryu is silent on the teaching of generating a password in response to 
an occurrence of a prescribed password generation event; and providing the generated 
password to an operating system security module. 

Arnold is relied on for the teaching of generating a password in response to an 
occurrence of a prescribed password generation event (see Arnold: Fig. 5A, element 
178); providing the generated password to an operating system security module (see 
Arnold: Fig. 5A, element 172). Arnold also discloses storing the password for use in 
connection with a secure operating system login access (see Arnold: col. 7, line 56 to 
col. 8, line 9). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to employ the use of generating a password in response to an occurrence of a 
prescribed password generation event; and providing the generated password to an 
operating system security module in the system of Ryu, as Arnold teaches so as to 
provide password protection for data processing systems (see Arnold: col. 1 , lines 25- 
27). 

b) As to claims 4, 16 and 25, please see addressed above claim 1 

c) As to claims 5, 17 and 26, the combination of Ryu and Arnold discloses 
the prescribed password generation event includes at least one selected from the group 
consisting of a computer system power up; a computer system re-boot; expiration of a 
prescribed time duration from an immediately preceding password generation event; 
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restoration of a security level from a modified security level to a default security level, 
and occurrence of a secure operating system login access (see Arnold: col. 8, lines 16- 
17). 

d) As to claim 9, the combination of Ryu and Arnold discloses generating the 
password includes generating the password for a prescribed username (see Arnold: col. 
3, lines 33-43), 

e) As to claims 1 0, 21 and 29, the examiner takes official notice that the user 
accesses the system needs the username. The user is understood to mean a person 
(i.e. a service person, a repair person, an administration person) therefore username 
includes a service username. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to employ the use of service username in the prescribed username so as to 
specifically generate and assign user account. 

f) As to claims 12 and 23, the combination of Arnold and Ryu discloses the 
computer system includes at least one selected from the group consisting of a stand- 
alone computer system and a stand-alone network of computer systems (see Arnold: 
Fig.1). 

7. Claims 2-3 and 14-15 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Ryu (6,067,625) in view of Arnold et al. (6,601,175) and further in view of 
Thompson et al. (6,725,382). 



Application/Control Number: 09/922,178 Page 7 

Art Unit: 2137 

The combination of Ryu and Arnold discloses the method of claim 1 , however it 
is silent on the teaching of overwriting a previously generated password or previously 
stored coded password. 

Thompson is relied on for the teaching of a security mechanisms for thwarting 
theft or unauthorized access of devices and particularly to password mechanisms 
comprising overwriting any previous value of password (see Thompson: col, 6, lines 32- 
37). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to employ the use of overwriting previous value of password as Thompson 
teaches in the system of Ryu and Arnold so as to maintain the updated password. 

8. Claims 6, 18 and 27 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Ryu (6,067,625) in view of Arnold et al. (6,601,175) and further in view of Henn et 
al. (2004/0139349). 

The combination of Ryu and Arnold discloses the method of claim 5, however it 
is silent on the teaching of the modified security level of a password generation event 
includes at least one selected from the group consisting of a change in the security level 
within the dedicated application, a security level override within the dedicated 
application, and a one-shot security access within the dedicated application. 

Henn is relied on the teaching of having the modified security level of a password 
generation event includes at least one selected from the group consisting of a change in 
the security level within the dedicated application, a security level override within the 
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dedicated application, and a one-shot security access within the dedicated application 
(i.e. a change in the security level of a certain application without changing the 
application function to be accessed (see Henn: page 2, paragraph [0023]). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to employ the use of having the modified security level of a password 
generation event includes at least one selected from the group consisting of a change in 
the security level within the dedicated application, a security level override within the 
dedicated application, and a one-shot security access within the dedicated application 
as Henn teaches in the system of Ryu and Arnold so as to protect the security of the 
system. 

9. Claims 7 and 19 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Ryu (6,067,625) in view of Arnold et al. (6,601,175) and further in view of Kidder et al. 
(2004/0031030). 

The combination of Ryu and Arnold discloses the method of claim 1 , however it 
is silent on the teaching of searching a username registry of the dedicated application 
upon the occurrence of the prescribed password generation event and removing any 
invalid usernames from the username registry. 

Kidder is relied on for the teaching of searching a username registry of the 
dedicated application upon the occurrence of the prescribed password generation event 
(see Kidder: paragraph [0307], i.e. during login, the server searches the database for 
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matching username) and removing any invalid usernames from the username registry 
(see Kidder: paragraph [0324], i.e. if a rogue user is identified, the its profile is deleted). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to employ the use of searching a username registry of the dedicated 
application upon the occurrence of the prescribed password generation event and 
removing any invalid usernames from the username registry in the system of Ryu and 
Arnold, as Kidder teaches so as to keep the registry up to date with valid information. 

10. Claims 8, 20 and 28 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Ryu (6,067,625) in view of Arnold et al. (6,601,175) in view of Kidder et al. 
(2004/0031030) in view of IBM Technical Disclosure Bulletin (NB9203306) and further 
in view of Swift (6,308, 274). 

The combination of Ryu, Arnold and Kidder discloses the method of claim 7, 
however it is silent of the capability of reviewing privileges associated with respective 
valid usernames in the username registry and resetting the privileges of the respective 
valid username to prescribed default settings. 

IBM Technical Disclosure Bulletin (IBM-TDB) is relied on for the teaching of 
reviewing privileges associated with respective valid usernames in the username 
registry (i.e. examining, changing, deleting object definitions (e.g. privileges) required for 
a distributed security service, see IBM-TDB). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to employ the use of reviewing privileges associated with respective valid 
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usernames in the username registry in the system of Ryu and Arnold as IBM-TDB 
teaches so as to provide a control to all security object for administration purposes (see 
IBM-TDB, first paragraph). 

The combination of Ryu, Arnold and IBM-TDB discloses changing the security 
object (see IBM-TDB), however it is silent on the capability of resetting the privileges of 
the respective valid username to prescribed default settings. 

Swift is relied on for the teaching of resetting the privileges of the respective valid 
username to prescribed default settings (i.e. a user may run a task with enhanced 
privileges, once the task is performed, the restricted privileges (e.g. system default) is 
restored, see Swift: col. 13, line 64 to col. 14, line 8). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to employ the use of resetting the privileges of the respective valid username i 
to prescribed default settings in the system of Ryu, Arnold and IBM-TDB, as Swift 
teaches so as to conveniently change privilege levels or access rights. 

1 1 . Claims 1 1 , 22 and 30 are rejected under 35 U.S.C. 1 03(a) as being unpatentable 
over Ryu (6,067,625) in view of Arnold et al. (6,601,175) and further in view of Warn 
(5,270,943). 

The combination of Ryu and Arnold discloses the method of claim 1, however it 
is silent on the capability of having the dedicated application includes a point of sale 
application in a fuel dispensing environment. 
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Warn is relied on for the teaching of having a system for controlling fuel 
dispensers through a PC-based point of sale application software (Abstract). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to employ the use of point of sale application in a fuel dispensing as Warn 
teaches in the system of Ryu and Arnold so as to integrate pump control with other 
features (see Warn: Abstract). 

Conclusion 

12. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Minh Dieu Nguyen whose telephone number is 571-272- 
3873. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on 571-272-3865. The fax phone number 
for the organization where this application or proceeding is assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov . Should you 
have questions on aiccess to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 
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